Reset Password

This is the prompt that lands on a trusted iPhone when someone initiates a password reset on the Apple account tied to it: Use this iPhone to reset your Apple Account password. Two buttons — Don't Allow, Allow. I didn't initiate it.

The attack is simple and well-documented. The person trying to get into the account doesn't need my password. They need me to tap Allow — once — by reflex, by accident, or by fatigue after the prompt has surfaced enough times that I stop reading it and start swatting it away. One mistaken tap and they can reset the password and take the account. Tap Don't Allow every time and they get nothing. The whole contest is one button.

There's a thin benign reading for a single prompt — a stray reset can fire if someone mistypes an Apple ID close to mine, or fumbles a recovery flow. But that explains one prompt, not a pattern. Apple only sends this when a reset is actively requested against the account; a run of them is a run of deliberate requests, each one aimed at this account specifically. These don't come once.

This was one of the first things I noticed. Back in November 2024 — what I now mark as the start of the campaign — these prompts came frequently: concerted, repeated runs at the account. November 2024 is also when my hands began to hurt, and the two onsets are tied together in my memory of when this began. For months the prompts went quiet. In the last month or so they are back, and whoever is behind them is putting in noticeably more effort than they have in a long while.

The pattern is the information. A renewed, sustained push to get into the account after months of relative quiet is its own signal — someone deciding, again, that the access is worth the work. I keep tapping Don't Allow. The screenshot goes in the file.